Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Warning after WannaCry sets off fake BT phishing attack

Sophos Naked Security - 23 Květen, 2017 - 12:30
It's a sad fact that we end up seeing warnings about warnings in the aftermath of a major cybersecurity event

Hackeři napadli vydavatele amerického deníku USA Today, ohrozili data 18 tisíc zaměstnanců

Novinky.cz - bezpečnost - 23 Květen, 2017 - 11:04
Jedno z největších amerických novinových vydavatelství Gannet Co, do jehož portfolia patří i deník USA Today, napadli hackeři a získali citlivá data o 18 tisících současných i dřívějších zaměstnancích. K průniku do vnitřní sítě vydavatelství došlo prostřednictvím phishingové zprávy, kterou pachatel zaslal na oddělení lidských zdrojů společnosti, uvedl server WeLiveSecurity.com.
Kategorie: Hacking & Security

18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server

The Hacker News - 23 Květen, 2017 - 10:11
After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The tool is supported by PHP, Python, Ruby, Perl, C++, and many other programming languages. This
Kategorie: Hacking & Security

There’s new evidence tying WCry ransomware worm to prolific hacking group

Ars Technica - 23 Květen, 2017 - 05:34

Enlarge (credit: Health Service Journal)

Researchers have found more digital fingerprints tying this month's WCry ransomware worm to the same prolific hacking group that attacked Sony Pictures in 2014 and the Bangladesh Central Bank last year.

Last week, a researcher at Google identified identical code found in a WCry sample from February and an early 2015 version of Contopee, a malicious backdoor used by the hacking team Lazarus Group. The group has been operating since at least 2011. Additional fingerprints linked Lazarus Group to hacks that wiped almost a terabyte's worth of data from Sony Pictures and siphoned a reported $81 million from the Bangladesh Central Bank last year. Researchers say Lazarus Group carries out hacks on behalf of North Korea.

On Monday, researchers from security firm Symantec presented additional evidence that further builds the case that WCry, which is also known as WannaCry, is closely linked to Lazarus Group. The evidence includes:

Read 3 remaining paragraphs | Comments

Kategorie: Hacking & Security

Trump’s Cybersecurity Boss Talks Priorities

Threatpost - 22 Květen, 2017 - 23:25
The country's top cybersecurity boss said the country is headed the wrong way when it comes to cybersecurity.
Kategorie: Hacking & Security

Experti dohlížející na sankce proti KLDR jsou terčem hackerů

Novinky.cz - bezpečnost - 22 Květen, 2017 - 23:25
Experti OSN vyšetřující porušování sankčních podmínek uvalených na Severní Koreu jsou terčem kybernetických útoků, za kterými stojí hackeři s velmi dobrým přehledem o jejich práci. OSN to uvádí v interním varovném e-mailu, napsala v pondělí agentura Reuters.
Kategorie: Hacking & Security

“Yahoobleed” flaw leaked private e-mail attachments and credentials

Ars Technica - 22 Květen, 2017 - 21:51

Enlarge (credit: BenGrantham)

For years, Yahoo Mail has exposed a wealth of private user data because it failed to update widely used image-processing software that contained critical vulnerabilities. That's according to a security researcher who warned that other popular services are also likely to be leaking sensitive subscriber secrets.

Chris Evans, the researcher who discovered the vulnerabilities and reported them privately to Yahoo engineers, has dubbed them "Yahoobleed" because the vulnerabilities caused the site to bleed contents stored in server memory. The easy-to-exploit flaws resided in ImageMagick, an image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other programming languages. One version of Yahoobleed was the result of Yahoo failing to install a critical patch released in January 2015. A second Yahoobleed vulnerability was the result of a bug that ImageMagick developers fixed only recently after receiving a private report from Evans.

The vulnerability discovered by Evans could be exploited by e-mailing a maliciously manipulated image file to a Yahoo Mail address. After opening the 18-byte file, chunks of Yahoo server memory began leaking to the end user. Evans called this version of the attack "Yahoobleed1." "Yahoobleed2" worked by exploiting the vulnerability fixed in January 2015.

Read 4 remaining paragraphs | Comments

Kategorie: Hacking & Security

Verizon Patches XSS Issues in its Messaging Client

Threatpost - 22 Květen, 2017 - 21:25
Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user's session.
Kategorie: Hacking & Security

EternalRocks Worm Spreads Seven NSA SMB Exploits

Threatpost - 22 Květen, 2017 - 19:05
A worm called EternalRocks has been spreading seven Windows SMB exploits leaked by the ShadowBrokers, including EternalBlue, which was used to spread WannaCry.
Kategorie: Hacking & Security

WannaCry se neměl vůbec rozšířit. Stačilo, abychom používali Windows Update

Zive.cz - bezpečnost - 22 Květen, 2017 - 19:00
** WannaCry se masivně rozšířil kvůli zranitelnosti ve Windows ** Ta mu umožnila, aby se pokusil sám napadnout další počítače ** Jenže ta chyba už je dva měsíce opravená!
Kategorie: Hacking & Security

Yes, Geek Squad can search your files and hand you over to the police

Sophos Naked Security - 22 Květen, 2017 - 18:56
Judge rules images found on a defendant's hard drive inadmissible - but bats away contention that he had an expectation of privacy when he passed his PC to Geek Squad

Newly Found Malware Uses 7 NSA Hacking Tools, Where WannaCry Uses 2

The Hacker News - 22 Květen, 2017 - 18:51
A security researcher has identified a new strain of malware that also spreads itself by exploiting flaws in Windows SMB file sharing protocol, but unlike the WannaCry Ransomware that uses only two leaked NSA hacking tools, it exploits all the seven. Last week, we warned you about multiple hacking groups exploiting leaked NSA hacking tools, but almost all of them were making use of only two
Kategorie: Hacking & Security

After WannaCry, EternalRocks digs deeper into the NSA’s exploit toolbox

Sophos Naked Security - 22 Květen, 2017 - 17:52
WannaCry may be behind us, but fears that the crooks might create new malware from the NSA's stash of exploits seem to be coming true

Judge demands cellphone passwords from social media star

Sophos Naked Security - 22 Květen, 2017 - 17:38
Hencha Voigt and her partner Wesley Victor were unable to unlock their phones despite the judge's order - and the case highlights some inconsistencies in the law

GDPR is just a year away: here’s what you need to know

Sophos Naked Security - 22 Květen, 2017 - 15:31
Time is running out - are you ready for GDPR? We've got some guidance for you

Jaya Baloo on WannaCry and Defending Against Advanced Attacks

Threatpost - 22 Květen, 2017 - 15:00
Jaya Baloo, CISO of KPN, the Netherlands’ leading telecommunications provider, talks to Mike Mimoso about the WannaCry ransomware outbreak and how large network providers and enterprises must contend with advanced attacks.
Kategorie: Hacking & Security

What does Twitter think you’re interested in? Now you can find out

Sophos Naked Security - 22 Květen, 2017 - 14:13
Twitter has tweaked its settings so that you can see what it thinks you're interested in so that advertisers can target you

Why Was Wanacrypt0r 2.0 So Successful?

InfoSec Institute Resources - 22 Květen, 2017 - 14:00

1. Introduction On 12th of May 2017, unknown hackers launched a large-scale global ransomware attack. It affected more than 230,000 computers. The ransomware (WanaCrypt0r 2.0) used for conducting the attack was based on the EternalBlue exploit created by the U.S. National Security Agency (NSA). Although in March 2017 Microsoft released a security patch addressing the […]

The post Why Was Wanacrypt0r 2.0 So Successful? appeared first on InfoSec Resources.

Kategorie: Hacking & Security

5 Key Steps to Survive as a Cyber Security Startup

InfoSec Institute Resources - 22 Květen, 2017 - 14:00

With the disturbing facts that the hackers are actively breaching our computer systems and stealing our critical data and corporate information, it is required to build a strong network and security infrastructure before expanding the businesses and startups should look ahead in this regard as they are the easiest prey. We have seen many cyber-security […]

The post 5 Key Steps to Survive as a Cyber Security Startup appeared first on InfoSec Resources.

Kategorie: Hacking & Security
Syndikovat obsah